Hi Prabath,
I have rolled back my policy.xml to direct inflow and outflow
security. Now I am getting the request with encrypted data, but some of the
data is missing from the .NET client. Please see the error details below and
the configuration of services.xml and the .NET app.config file.
Error details:
2009-12-17 01:31:07,128 [TP-Processor22] INFO org.apache.ws.security.message.token.SecurityTokenReference - X509IssuerSerial alias: null
2009-12-17 01:31:07,128 [TP-Processor22] DEBUG org.apache.ws.security.processor.EncryptedKeyProcessor - X509IssuerSerial alias: null
2009-12-17 01:31:07,128 [TP-Processor22] INFO com.ycs.narada.services.PasswordCallBackHandler - PasswordCallback handle
2009-12-17 01:31:07,128 [TP-Processor22] INFO com.ycs.narada.services.PasswordCallBackHandler - Identifier::null
2009-12-17 01:31:07,128 [TP-Processor22] DEBUG org.apache.rampart.handler.WSDoAllReceiver - WSDoAllReceiver: exit invoke()
2009-12-17 01:31:07,128 [TP-Processor22] ERROR org.apache.axis2.engine.AxisEngine - WSDoAllReceiver: security processing failed
org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)
    at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
    at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
    at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
    java.lang.Exception: alias is null
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:292)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:92)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:80)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:211)
    ... 24 more
Caused by: java.lang.Exception: alias is null
    at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:137)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:290)
    ... 29 more
Services.xml:
<module ref="rampart" />
<parameter name="InflowSecurity">
  <action>
    <items>Encrypt Signature</items>
    <passwordCallbackClass>com.ycs.test.PasswordCallBackHandler</passwordCallbackClass>
    <decryptionPropFile>service.properties</decryptionPropFile>
    <signaturePropFile>service.properties</signaturePropFile>
  </action>
</parameter>
<parameter name="OutflowSecurity">
  <action>
    <items>Encrypt Signature</items>
    <user>service</user>
    <encryptionUser>client</encryptionUser>
    <encryptionPropFile>service.properties</encryptionPropFile>
    <passwordCallbackClass>com.ycs.test.PasswordCallBackHandler</passwordCallbackClass>
    <signaturePropFile>service.properties</signaturePropFile>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
  </action>
</parameter>
app.config:
<client>
  <endpoint address="http://localhost:1919/testWs/services/HelloWorld"
            behaviorConfiguration="ClientCertBehavior" binding="customBinding"
            bindingConfiguration="JavaInterop"
            contract="localhost.HelloWorldPortType"
            name="HelloWorldHttpSoap12Endpoint">
    <identity>
      <dns value="YALAMANCHILI" />
    </identity>
  </endpoint>
</client>
<bindings>
  <customBinding>
    <binding name="JavaInterop">
      <security defaultAlgorithmSuite="Basic128Rsa15"
                allowSerializedSigningTokenOnReply="true"
                authenticationMode="MutualCertificate"
                requireDerivedKeys="false"
                securityHeaderLayout="Lax" includeTimestamp="true"
                messageProtectionOrder="EncryptBeforeSign"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <issuedTokenParameters keyType="AsymmetricKey">
          <issuer address="" binding="customBinding"
                  bindingConfiguration="JavaInterop" />
          <issuerMetadata address="">
            <identity>
              <certificateReference x509FindType="FindByIssuerName"
                                    isChainIncluded="false" />
            </identity>
          </issuerMetadata>
        </issuedTokenParameters>
        <localClientSettings detectReplays="false" />
        <secureConversationBootstrap
            defaultAlgorithmSuite="Basic128Rsa15"
            allowSerializedSigningTokenOnReply="true"
            authenticationMode="MutualCertificate"
            requireDerivedKeys="false" securityHeaderLayout="Lax"
            messageProtectionOrder="EncryptBeforeSign">
          <issuedTokenParameters keyType="AsymmetricKey" />
        </secureConversationBootstrap>
      </security>
      <textMessageEncoding messageVersion="Default" />
      <httpTransport />
    </binding>
  </customBinding>
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="ClientCertBehavior">
      <clientCredentials>
        <clientCertificate findValue="f1 88 d8 95 76 76 5b be 74 53 90 92 fc cf 16 e0 67 5e 4d 34"
                           storeLocation="CurrentUser" storeName="My"
                           x509FindType="FindByThumbprint" />
        <serviceCertificate>
          <defaultCertificate findValue="d4 79 bc 17 94 3a 3c 14 a1 a2 1f c7 ba b7 a7 3e 08 1b 0a 8d"
                              storeLocation="CurrentUser" storeName="My"
                              x509FindType="FindByThumbprint" />
          <authentication certificateValidationMode="None"
                          revocationMode="NoCheck" />
        </serviceCertificate>
        <peer>
          <peerAuthentication certificateValidationMode="None" />
          <messageSenderAuthentication
              certificateValidationMode="None"
              revocationMode="NoCheck" />
        </peer>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
Kindly help me, I have been struggling for the last one week.
Thanks in Advance
---------------
Sivakumar
Prabath Siriwardena-2 wrote:
>
> Hi Siva;
>
> Once you auto generate the proxy for the java service with .NET - it
> will generate the app.config in a policy compliant manner...
>
> ---------------------------------------------
> Thanks & Regards
> Prabath Siriwardena
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
> On Dec 20, 2009, at 6:30 PM, SivaKumarl
> <[email protected]> wrote:
>
>>
>> Hi Prabath,
>> Now I defined a security policy for my service, can you
>> please provide the alternate policy for .NET client. Kindly find the
>> below policy file for Java
>>
>> <wsp:Policy wsu:Id="SecConvPolicy2"
>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>   <wsp:ExactlyOne>
>>     <wsp:All>
>>       <sp:SymmetricBinding
>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:ProtectionToken>
>>             <wsp:Policy>
>>               <sp:SecureConversationToken
>>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>                 <wsp:Policy>
>>                   <sp:RequireDerivedKeys/>
>>                   <sp:BootstrapPolicy>
>>                     <wsp:Policy>
>>                       <sp:EncryptedParts>
>>                         <sp:Body/>
>>                       </sp:EncryptedParts>
>>                       <sp:SymmetricBinding>
>>                         <wsp:Policy>
>>                           <sp:ProtectionToken>
>>                             <wsp:Policy>
>>                               <sp:X509Token
>>                                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>                                 <wsp:Policy>
>>                                   <sp:RequireDerivedKeys/>
>>                                   <sp:RequireThumbprintReference/>
>>                                   <sp:WssX509V3Token10/>
>>                                 </wsp:Policy>
>>                               </sp:X509Token>
>>                             </wsp:Policy>
>>                           </sp:ProtectionToken>
>>                           <sp:AlgorithmSuite>
>>                             <wsp:Policy>
>>                               <sp:Basic128Rsa15/>
>>                             </wsp:Policy>
>>                           </sp:AlgorithmSuite>
>>                           <sp:Layout>
>>                             <wsp:Policy>
>>                               <sp:Strict/>
>>                             </wsp:Policy>
>>                           </sp:Layout>
>>                           <sp:IncludeTimestamp/>
>>                           <sp:EncryptSignature/>
>>                           <sp:OnlySignEntireHeadersAndBody/>
>>                         </wsp:Policy>
>>                       </sp:SymmetricBinding>
>>                       <sp:EndorsingSupportingTokens>
>>                         <wsp:Policy>
>>                           <sp:X509Token
>>                               sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>                             <wsp:Policy>
>>                               <sp:RequireThumbprintReference/>
>>                               <sp:WssX509V3Token10/>
>>                             </wsp:Policy>
>>                           </sp:X509Token>
>>                         </wsp:Policy>
>>                       </sp:EndorsingSupportingTokens>
>>                       <sp:Wss11>
>>                         <wsp:Policy>
>>                           <sp:MustSupportRefKeyIdentifier/>
>>                           <sp:MustSupportRefIssuerSerial/>
>>                           <sp:MustSupportRefThumbprint/>
>>                           <sp:MustSupportRefEncryptedKey/>
>>                           <sp:RequireSignatureConfirmation/>
>>                         </wsp:Policy>
>>                       </sp:Wss11>
>>                       <sp:Trust10>
>>                         <wsp:Policy>
>>                           <sp:MustSupportIssuedTokens/>
>>                           <sp:RequireClientEntropy/>
>>                           <sp:RequireServerEntropy/>
>>                         </wsp:Policy>
>>                       </sp:Trust10>
>>                     </wsp:Policy>
>>                   </sp:BootstrapPolicy>
>>                 </wsp:Policy>
>>               </sp:SecureConversationToken>
>>             </wsp:Policy>
>>           </sp:ProtectionToken>
>>           <sp:AlgorithmSuite>
>>             <wsp:Policy>
>>               <sp:Basic128Rsa15/>
>>             </wsp:Policy>
>>           </sp:AlgorithmSuite>
>>           <sp:Layout>
>>             <wsp:Policy>
>>               <sp:Strict/>
>>             </wsp:Policy>
>>           </sp:Layout>
>>           <sp:IncludeTimestamp/>
>>           <sp:EncryptSignature/>
>>           <sp:OnlySignEntireHeadersAndBody/>
>>         </wsp:Policy>
>>       </sp:SymmetricBinding>
>>       <sp:Wss11
>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:MustSupportRefKeyIdentifier/>
>>           <sp:MustSupportRefIssuerSerial/>
>>           <sp:MustSupportRefThumbprint/>
>>           <sp:MustSupportRefEncryptedKey/>
>>         </wsp:Policy>
>>       </sp:Wss11>
>>       <sp:Trust10
>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <wsp:Policy>
>>           <sp:MustSupportIssuedTokens/>
>>           <sp:RequireClientEntropy/>
>>           <sp:RequireServerEntropy/>
>>         </wsp:Policy>
>>       </sp:Trust10>
>>       <sp:EncryptedParts
>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>         <sp:Body/>
>>       </sp:EncryptedParts>
>>       <ramp:RampartConfig
>>           xmlns:ramp="http://ws.apache.org/rampart/policy">
>>         <ramp:user>client</ramp:user>
>>         <ramp:encryptionUser>service</ramp:encryptionUser>
>>         <ramp:passwordCallbackClass>com.test.ws.PWCBHandler</ramp:passwordCallbackClass>
>>         <ramp:signatureCrypto>
>>           <ramp:crypto
>>               provider="org.apache.ws.security.components.crypto.Merlin">
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>           </ramp:crypto>
>>         </ramp:signatureCrypto>
>>         <ramp:encryptionCypto>
>>           <ramp:crypto
>>               provider="org.apache.ws.security.components.crypto.Merlin">
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
>>             <ramp:property
>>                 name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
>>           </ramp:crypto>
>>         </ramp:encryptionCypto>
>>       </ramp:RampartConfig>
>>     </wsp:All>
>>   </wsp:ExactlyOne>
>> </wsp:Policy>
>> Thanks & Regards
>> --------
>> Siva
>>
>>
>>
>> SivaKumarl wrote:
>>>
>>> Hi Friends,
>>>
>>> I have developed web services in Java and enabled the
>>> security for these services. My client is in .NET, when the client
>>> connects I am getting the below error.
>>>
>>>
>>> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
>>> java.lang.Exception: alias is null
>>>
>>> Friends kindly help me to solve this problem.
>>>
>>> Thanks & Regards
>>> -----------
>>> Siva kumar.
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Rampart-alias-in-null-tp26825462p26863236.html
>> Sent from the Axis - Dev mailing list archive at Nabble.com.
>>
>
>
--
View this message in context:
http://old.nabble.com/Rampart-alias-in-null-tp26825462p26883683.html
Sent from the Axis - Dev mailing list archive at Nabble.com.
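
The log in the message above shows the X509IssuerSerial lookup reporting "alias: null" just before CryptoBase.getPrivateKey fails with "alias is null". One way to check offline whether a keystore holds a private-key entry for a given issuer name and serial number is sketched below. This is an added example, not code from the thread or from Rampart/WSS4J; the class name is hypothetical, and it assumes a JKS keystore and an issuer DN and decimal serial copied from the request's X509IssuerSerial element.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;

/** Added diagnostic example (hypothetical class name), not Rampart or WSS4J code. */
public class IssuerSerialLookup {

    /** Returns the alias of the private-key entry whose certificate has this issuer and serial, or null. */
    static String findKeyAlias(KeyStore ks, X500Principal issuer, BigInteger serial) throws Exception {
        String found = null;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            // Print every entry so a near miss (right serial, wrong issuer, or cert-only entry) is visible.
            System.out.printf("%s keyEntry=%b serial=%s issuer=%s%n", alias, ks.isKeyEntry(alias),
                    x509.getSerialNumber(), x509.getIssuerX500Principal().getName());
            boolean sameCert = x509.getIssuerX500Principal().equals(issuer)
                    && x509.getSerialNumber().equals(serial);
            if (sameCert && ks.isKeyEntry(alias) && found == null) {
                found = alias;
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: IssuerSerialLookup <keystore.jks> <issuer DN> <decimal serial>");
            System.exit(2);
        }
        // Prompt for the store password; with no console the JKS is loaded without an integrity check.
        char[] password = System.console() != null ? System.console().readPassword("Keystore password: ") : null;
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the service keystore is JKS
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        String alias = findKeyAlias(ks, new X500Principal(args[1]), new BigInteger(args[2]));
        System.out.println(alias != null ? "private-key entry found under alias: " + alias
                : "no private-key entry for that issuer and serial");
    }
}
```

A null result means the keystore has no private-key entry for that issuer and serial; a listing line that matches but shows keyEntry=false means the store holds that certificate without its private key.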